Online Security Best Practices
FM Bank places very high importance on the security of your account and personal data. With security threats such as phishing and identity theft on the rise, we provide retail and business customers with information and resources to help strengthen online security when using online banking services.
Our online and mobile banking systems are continuously being enhanced to ensure a secure environment. Customers should follow steps to protect confidential information while performing financial transactions online. FM Bank is not responsible for breaches of security beyond our control.
The following Best Security Practices should be exercised by all Online Banking users:
- Create a strong Online Banking password that is hard to guess by using random letters, numbers, and symbols. Do not use words found in the dictionary or identifying information such as your name, birth date, or child's name.
- Do not share your password with anyone else and do not use the Save Password option on your computer.
- Change your password regularly and sign off of the online banking session when finished.
- Run anti-virus and anti-malware software on the computer you use for online banking transactions and ensure that the software definitions are kept up-to-date.
- Use a current Internet browser with 128-bit encryption.
- Run, on a regular basis, software updates and patches, especially for the operating system, internet browser, and add-on programs.
- Use personal firewall software or ensure the firewall is enabled on your home wireless router, and enable security on that router.
- Avoid clicking on links or downloading software from unverified or unknown sources.
- Use the same precautions on your mobile device as you would on your computer when using the Internet.
- Get to know the features of your mobile device, including the default settings. Turn off features you do not need to minimize the possibility of attacks.
- Check reviews of the developer or company that publishes an app before downloading it.
- Review and understand the permissions you are giving when you download apps.
- Enable passcode protection, facial recognition, and the screen lock feature on your mobile device.
- Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity and help protect your device from rogue applications or malware.
- Reset the phone to factory default settings if you decide to sell your device or trade it in.
- Routinely update your mobile device with operating system and firmware updates.
- Educate yourself on good cyber security practices, including how to avoid having malware installed on a computer and how to avoid phishing attacks.
Conducting business account transactions online can present additional risks and threats to the safety and security of your account. A growing cyber-threat is Corporate Account Takeover, which occurs when a cyber-thief gains control of a business’ bank account by stealing passwords and other valid credentials.
Business computer hacking has quickly gone from a growing threat to a very common activity. The current version involves malware placed on your business PC that is activated when you log on to your Online Banking. At that moment, the hacker has become you and assumed the ability to take control of your access levels. If you are initiating an ACH or wire transaction, the hacker may be able to change the information that you have entered after you think you have completed this transaction. This includes changing the account number, bank routing number and/or the dollar amount after you think you have signed off.
In addition to the Best Security Practices above, the following should be exercised by Business Online Banking users:
- Provide continuous communication and education to employees using online banking systems. Providing enhanced security awareness training will help ensure employees understand the security risks related to their duties
- Adhere to dual control procedures
- Perform a risk assessment and controls evaluation periodically
- Update anti-virus and anti-malware programs frequently
- Update, on a regular basis, all computer software to protect against new security vulnerabilities (patch management practices)
- Communicate to employees that passwords should be strong and should not be stored on the device used to access online banking
- Use separate devices to originate and transmit wire/ACH instructions
- Transmit wire transfer and ACH instructions via a dedicated and isolated device
- Practice ongoing account monitoring and reconciliation, especially near the end of the day
- Adopt advanced security measures by working with consultants or dedicated IT staff
- Utilize resources provided by trade organizations and agencies that specialize in helping small businesses
Remember that we will never ask you to enter personal or account information during the login process for any of the online banking pages where the information requested is not relevant to the transaction. You should not enter sensitive data if you are prompted to do so. We will not call you to request account or card information or call to solicit information regarding your financial business. You should always be alert when receiving calls or electronic communications requesting your account information or confidential information. If you are unsure about a call, it is a good policy to hang up and initiate a call back to a published number.
Electronic Funds Transfers are protected under Reg E. These protections only apply to consumer accounts. Business accounts are not covered by these protections. Review the full Electronic Funds Transfer Agreement HERE. Call us immediately if your ATM/Debit card is lost or stolen or your Online Banking password has been compromised. Telephoning is the best way to keep your possible losses down. If you tell us within two (2) business days after you learn of the loss or theft, you can limit your liability to $50. Notifying us more than two (2) business days after the loss can increase your liability up to $500. Review your monthly statement as soon as it arrives. If your statement shows any electronic transactions you did not make, you must tell us within sixty (60) days to limit your liability. If you wait to notify us, you will be liable for the unauthorized electronic transactions. So review your statement every month and report any suspicious activity immediately.
Being vigilant in monitoring account activity and alert for red flags related to computer and network anomalies can reduce the risks of electronic theft and aid in the detection of a theft in progress.
Suggested methods of monitoring account activity:
- Review your monthly bank statement for account activity.
- Use Online Banking or Telephone Banking to view account activity conveniently at any time of day.
- Use Account Alerts through Online Banking and Bill Pay to set email or text notifications for activity such as online access or password changes, low account balances, transfers or withdrawals, new payees for bill pay set up, etc.
- Business owners/managers should review Online Banking activity reports and scan network access for unidentified IP addresses, after-hours access attempts and other suspicious activity.
Warning Signs that your computer system/network may have been compromised:
- Dramatic loss of computer speed;
- Changes in the way web pages, graphics, text or icons appear;
- Computer locks up so the user is unable to perform any functions;
- Unexpected rebooting or restarting of computer;
- Unexpected request for a one-time password (or token) in the middle of an online session;
- Unusual pop-up messages, such as “try back later” or “system is undergoing maintenance”;
- New or unexpected toolbars and/or icons;
- Inability to shut down or restart.